Russia suspected in Dutch justice system breach

Published: 24 July 2025
Last updated: 24 July 2025
Russian threat actor
Image by Cybernews.

Russian-linked hackers are the prime suspects in a cyberattack that may have exposed Dutch criminal case files. The hackers lurked in the justice department’s system undetected for weeks.

"Well-informed sources" told a Dutch daily newspaper, AD, that there are strong indications that Russia-based hackers are behind the hack at the Dutch Public Prosecution Service (OM).

The warning that OM’s systems were at risk first came on June 17th, when a critical vulnerability was discovered in Citrix's NetScaler, the third-party software that the department uses for remote work. On June 17th, the released advisory marked vulnerability 9.3 on the CVSS scale, meaning that it is critical.

ADVERTISEMENT

The department told Dutch newspaper de Volkskrant that it followed the advice to update systems, but has "reason to believe" that the vulnerability in NetScaler had already been exploited before the update was implemented.

Has my data been leaked?
Check Now

As a result of the threat, OM’s computers were disconnected from the internet to prevent attackers from further access. Reportedly, the hackers may have had access to OM’s computers for weeks, having access to highly sensitive information, such as ongoing police investigations, criminal files in legal cases, and employees' personal data.

For now, there is no information on what data exactly was obtained by attackers.

Russia-linked hackers targeting the Netherlands

This is not the first time Russia-linked attackers have targeted the Netherlands. The General and Military Intelligence and Security Service concluded in May that Russian hackers were behind the theft of personal data of tens of thousands of Dutch police officers.

In September 2024, the Dutch National Police revealed that contact information for over 65,000 police officers was stolen from an exchange server using a pass-the-cookie attack. In this attack, a threat actor poses as the owner of a cookie.

ADVERTISEMENT

The cookie was likely stolen using infostealer malware, possibly operated by a third party, and was then bought by hackers via a criminal marketplace.

Share
Post
Share
Share
Share
More from Cybernews
By participating in this viral trend, you help train AI where it struggles the most
Windows hibernation may contribute to SSD wear as storage costs rise
UFO skeptic Michael Shermer apologizes to David Grusch
Man tries to make a sale on Facebook Marketplace, gets scammed out of $300 via Zelle
Critical FFmpeg flaw discovered: just watching a video can fully compromise your system
The world's top intelligence alliance: AI could supercharge cyberattacks within months
ADVERTISEMENT